Target Model
Blast radius calculation, tool classification, and semantic impact
The target model classifies tools by their action type and computes the blast radius of proposed actions — what downstream systems, entities, and data will be affected if the action proceeds.
How It Works
Tool Classifier (tool_classifier.py)
The ToolActionClassifier determines whether a tool call is a read (observation) or an action (mutation):
Classification uses two strategies:
- Explicit DB metadata: the aegis_tool_metadata table stores per-tool classifications set by administrators
- Heuristic fallback: if no metadata exists, prefix-based heuristics classify tools (e.g., get_*, list_*, read_* = read; update_*, delete_*, create_* = action)
Results are cached per workspace with a configurable TTL.
Impact Engine (impact_engine.py)
The AegisImpactEngine computes blast radius for proposed actions:
The impact engine:
- Matches the tool against registered impact rules using glob patterns
- Identifies affected entities (downstream systems, data stores, APIs)
- Computes severity based on the number and type of affected entities
- Generates rollback plans where possible
- Aggregates plan entries into human-readable summaries
Data Structures
AffectedEntity describes a single affected entity:
- name: Entity identifier
- type: Entity type (database, api, queue, etc.)
- relationship: How this entity is affected (direct, cascade, etc.)
- reversible: Whether the change can be rolled back
ImpactSet aggregates the blast radius:
- affected_entities: List of all affected entities
- severity: Aggregate severity level
- rollback_plan: Combined rollback instructions
- hash: Deterministic hash for attestation signing
Architecture
The target model integrates with the PDP:
Impact sets are hashed and included in attestation signatures, ensuring the blast radius computation is part of the tamper-evident audit trail.
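One way to build a deterministic hash over the ImpactSet fields listed under Data Structures, shown as an added example and not the project's hash_impact_set() implementation. Canonical JSON, SHA-256, the function names and the sample entities are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class AffectedEntity:
    name: str
    type: str          # database, api, queue, ...
    relationship: str  # direct, cascade, ...
    reversible: bool


@dataclass
class ImpactSet:
    affected_entities: list
    severity: str
    rollback_plan: str
    hash: str = ""     # filled in after hashing; never part of the hashed bytes


def canonical_impact_bytes(impact):
    """Serialize all fields except the hash into one canonical byte string."""
    # Sort entities so discovery order cannot change the digest.
    entities = sorted(
        (asdict(e) for e in impact.affected_entities),
        key=lambda e: (e["name"], e["type"], e["relationship"], e["reversible"]),
    )
    payload = {"affected_entities": entities, "severity": impact.severity,
               "rollback_plan": impact.rollback_plan}
    # Sorted keys, fixed separators and ASCII escaping give identical bytes everywhere.
    return json.dumps(payload, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=True).encode("ascii")


def example_hash_impact_set(impact):
    """Assumed construction (SHA-256 over canonical JSON), not the project's function."""
    return hashlib.sha256(canonical_impact_bytes(impact)).hexdigest()


def verify_impact_set(impact):
    """Recompute the digest; False means a field changed after hashing."""
    return hmac.compare_digest(impact.hash, example_hash_impact_set(impact))


# Constructed sample entities, not taken from any real deployment.
ORDERS = AffectedEntity("orders_db", "database", "direct", True)
BILLING = AffectedEntity("billing_api", "api", "cascade", False)
```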
Configuration
Impact rules are managed via the REST API:
Technical Details
- Tool classification caching uses per-workspace TTL to handle dynamic tool registration
- Impact rule matching uses fnmatch glob patterns (_tool_matches_patterns())
- The hash_impact_set() function produces a deterministic hash for attestation signing
- Rollback plans are aggregated from individual entity plans via _aggregate_plans()
- The impact engine is PostgreSQL-only, with no LLM or Oxigraph dependency